By Sead Fadilpašić
Publication Date: 2025-11-14 15:32:00
- CISA warns agencies failed to properly patch two actively exploited Cisco firewall vulnerabilities
- CVE-2025-20333 and CVE-2025-20362 were linked to the ArcaneDoor campaign targeting government networks
- Over 32,000 devices remain vulnerable despite emergency directives and patching efforts
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning Federal Civilian Executive Branch (FCEB) agencies that some of them failed to properly patch two important Cisco vulnerabilities that are being actively exploited in the wild.
As a result, these agencies continue to be at risk of malware, infostealer, and possibly even ransomware attacks.
The two flaws in question are tracked as CVE-2025-20333 and CVE-2025-20362, discovered in September 2025 in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) software.
Mistakes in patching
At the time, Cisco said that both were exploited as zero-days to…